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DETAILED ACTION 

1 . Claims 1-30 are pending. 

Claim Rejections - 35 USC § 101 

2. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

3. Claims 29 and 30 are rejected as being directed to non-statutory subject matter. Claim 29 
and dependent claim 30 recite a program product that is borne as a computer readable signal 
bearing medium. 

Broadly construed, a signal bearing medium is merely a digital or electronic signal and is 
intangible. In order for the program product to be statutory under 35 USC 101, the claim as a 
whole must be concrete, useful, and tangible. 



Claim Rejections - 35 USC § 102 

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

5. Claims 1-3, 6-9, 14-16, 19-22, 27-30 are rejected under 35 U.S.C. 102(b) as being 
anticipated by Chan, US patent 5713018. 
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In reference to claim 1 : 

Chan discloses a method of executing a query in a database management system, the method 
comprising: 

• Receiving an SQL statement from an application program coupled to the database 
management system, where the SQL statements are received from a client through the 
clients' DBMS access program. (Column 2, lines 48-67) 

• Executing the SQL program. (Column 1, lines 65-67) 

• Encrypting the SQL statement to generate an encrypted representation of the SQL 
statement, where the SQL is encrypted into an encrypted SQL string. (Column 3, lines 
11-51) 

• Logging execution of the SQL statement in a database monitor by storing the encrypted 
representation of the SQL statement in an execution log managed by the database 
monitor; whereby access to an unencrypted representation of the SQL statement via the 
database monitor requires decryption of the encrypted representation of the SQL 
statement stored in the execution log, where the SQL is logged in a table, and access to 
the statement requires decryption of the statement for the statement to be properly 
executed. (Column 3, lines 50-60) & (Column 4, lines 35-60) 

In reference to claim 2 
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Chan (Column 3, lines 12-37) discloses the method of claim 1, further comprising encrypting at 
least one value passed to one of host variable and a parameter marker used by the SQL 
statement, wherein logging execution of the SQL statement further comprises storing the 
encrypted value in the execution log, where the SQL statement is the value passed to the host 
variable, the encrypted SQL string also known as the constant string (Column 3, lines 50-55) and 
the parameter markers which are used for the arguments. 

In reference to claim 3: 

Chan discloses a method of logging query execution in a database management system, the 
method comprising, 

• Generating an encrypted representation of an execution detail for a query executed by the 
database management system (Column 3,lines 10-37) 

• Logging the execution detail for the query in an execution log for the database 
management system by storing the encrypted representation thereof in the execution log, 
where the execution detail is logged in a table and stored therein in its encrypted 
representation. (Column 3, lines 50-60) & (Column 4, lines 50-60) 

In reference to claim 6: 

Chan discloses the method of claim 3, wherein generating the encrypted representation is 
performed prior to communicating the query to the database management system. (Column 4, 
lines 40-50) 
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In reference to claim 7: 

Chan (Column 3, lines 12-60) discloses the method of claim 3, wherein the execution detail 
comprises a query statement, where the query statement is the SQL or "structured query" 
statement. 

In reference to claim 8: 

Chan (Column 3, lines 12-60) discloses the method of claim 3, wherein the execution detail 
comprises a value passed to a host variable during execution of the query, where the host 
variable is the encrypted SQL string, and the value passed to the variable is the value of the 
function Encrypt(). 

In reference to claim 9: 

Chan (Column 3, lines 12-60) discloses the method of claim 3, wherein the execution detail 
comprises a value passed to a host variable during execution of the query where the host variable 
is the encrypted SQL string, and the value passed to the variable is the value of the function 
Encrypt(). 

In reference to claim 14: 

Chan (Column 2, line 60- Column 3, line 60) discloses the method of claim 3, further comprising 
determining if database monitoring is enabled in the database management system, wherein 
generating the encrypted representation is performed if it is determined that database monitoring 
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is enabled where the database monitoring comprises receiving incoming SQL statements, and 
where the encrypted representation is generated if the system of Chan is used. 

In reference to claim 15: 

Chan (Column 3, lines 12-60) discloses the method of claim 3, wherein the query comprises an 
SQL statement. 

In reference to claim 16: 

Chan (Column 2, line 60- Column 3, line 60) discloses an method apparatus, comprising: 

• At least one processor; (Column 2,lines 40-45) 

• A memory within which is stored an execution log; (Column 2,'lines 40-60) & (Column 
3, lines 50-60) 

• Program code configured to be executed by the at least one processor to log query 
execution in a database management system by generating an encrypted representation of 
an execution detail for a query executed by the database management system (Column 3, 
lines 10-25), and logging the execution detail for the query in the execution log by storing 
the encrypted representation thereof in the execution log. (Column 3, lines 50-60) 

Claim 19 is rejected for the same reasons as claim 6. 



In reference to claim 20: 
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Chan (Column 3, lines 50-60) discloses the apparatus of claim 16, wherein the execution detail 
comprises a query statement. 

In reference to claim 21 : 

Chan (Column 10, lines 10-37) disclose the apparatus of claim 16, wherein the execution detail 
comprises a value passed to a host variable during execution of the query, where the host 
variable is the embedded constant string, and where the value passed to it is the value of the 
function of Encrypt(SQL statement with placeholders) 

In reference to claim 22: 

Chan (Column 3, lines 1-60) & (Column 4, lines 10-35) discloses the apparatus of claim 16, 
wherein the execution detail comprises a value passed to a parameter market during execution of 
the query, where the value passed to the parameter markers are the arguments. 

Claim 27 is rejected for the same reasons as claim 14. 

In reference to claim 28: 

Chan (Column 3, lines 50-60) discloses the apparatus of claim 16, wherein the query comprises 
an SQL statement. 

Claim 29 is rejected for the same reasons as claim 16. 
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In reference to claim 30: 

CHan (Column 2, lines 25-60) discloses the program product of claim 29, wherein the computer 
readable signal bearing medium includes at least one of a transmission medium and a recordable 
medium, where the recordable medium is memory. 

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

7. Claims 4,5 10-13, 17, 18, 23-26 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Chan. 

In reference to claim 4: 

Chan fails to explicitly disclose the method of claim 3, further comprising receiving the query in 
an unencrypted form from an application program in communication with the database 
management system. 

However, the Examiner takes official notice that receiving an SQL query in unencrypted form 
was well known at the time of the invention. In fact it was the state of the prior art. Chan 
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attempts to provide some measure of security in executing SQL statements by a DBMS. The 
prior art comprises transmitting and receiving these commands in unencrypted form. 

It would have been obvious to one of ordinary skill in the art at the time of invention to receive 
the query in unencrypted form in order to provide the advantage of speeding up processing and 
execution times without the added overhead of implemented security. 

In reference to claim 5: 

Chan fails to explicitly disclose the method of claim 4, wherein generating the encrypted 
representation is performed after communicating the query to the database management system. 

Chan instead discloses that the SQL statements are sent and that the encrypted versions of these 
statements are generated. Chan does not explicitly disclose the order of these events. 

The Examiner takes official notice that generating the encrypted representation after 
communication the query to the DBMS was well known at the time of invention. 

Often time, a query is announced to a DBMS as a preparatory handshake signal to determine if 
the server is active and waiting. Once the handshake is complete, the encryption may further 
proceed. It is advantageous to do this because it conserves on the computational resources 
necessary to perform the encryption if the encryption is not necessary. 
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It would have been obvious to one of ordinary skill in the art at the time of invention to generate 
the encrypted representation after communicating the query in order to first determine which 
version of the DB access program the client is using. (Column 2, lines 60-67) 

In reference to claim 10: 

Chan fails to explicitly disclose the method of claim 3, further comprising logging a second 
execution detail for the query in the execution log in an unencrypted representation. 

Chan rather discloses logging the statements in encrypted form in a table. (Column 3, lines 50- 
60) & (Figure 3) 

It would have been obvious to one of ordinary skill in the art to log an unencrypted 
representation of the string in order to conserve the resources necessary to compute the 
encryption. 

In reference to claim 11: 

Chan discloses the method of claim 10, wherein the second execution detail includes at least one 
of an access plan and a performance statistic associated with execution of the query, where the 
access plan is the 2 nd modified access program used by trusted clients. (Column 2, lines 60-67) 
& (Column 3, line 60 - Column 4, line 5) 
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In reference to claim 12: 

Chan (Column 4, lines 15-25) discloses the method of claim 3 further comprising decrypting the 
execution detail in association with displaying the execution log. 

Chan fails to explicitly disclose displaying the execution log. 

The examiner takes official notice that displaying computer data was well known to those of 
ordinary skill in the art at the time of invention. For example, such logs are often generated as 
reports to serve administrators who seek to maintain the system. 

It would have been obvious to one of ordinary skill in the art to display the execution log in order 
to provide a Database administrator with the output necessary to maintain the system. 

Claim 13 is rejected for the same reasons as claim 26. 
Claim 17 is rejected for the same reasons as claim 4. 
Claim 18 is rejected for the same reasons as claim 5. 
Claim 23 is rejected for the same reasons as claim 10. 
Claim 24 is rejected for the same reasons as claim 1 1 . 
Claim 25 is rejected for the same reasons as claim 12. 

In reference to claim 26: 

Chan (Column 3, lines 35-50) fails to explicitly disclose the apparatus of claim 25, wherein the 
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program code is configured to generate the encrypted representation by encrypting the execution 
detail using a public key, and wherein the program code is configured to decrypt the execution 
detail by decrypting the execution detail using a private key paired with the public key. 

Chan instead discloses encryption with the private key and decryption with the public key. 



The examiner takes official notice that public key cryptography was well known to those of 
ordinary skill in the art at the time of invention. Public key cryptography encrypts with the 
public key and decrypts with the private key. The method Chan is advocating is a digital 
signature algorithm which encrypts with a private key and decrypts with the public key. 

It would have been obvious to one of ordinary skill in the art at the time of invention to encrypt 
the SQL code with the public key and decrypt with the private key in order to establish the 
secrecy such that only the person with the private key would be able to read and decipher the 
query. 

Conclusion 

8. The following art not relied upon is made of record: 

• US patent 6792425 is a secure database system 

• US patent 5987422 is a database method of executing and logging a procedure 

• US patent 5950188 is a method of executing database commands and logs the 
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commands in a command buffer. 



9. Any inquiry concerning this communication from the examiner should be directed to 
Thomas M Ho whose telephone number is (571)272-3835. The examiner can normally be 
reached on M-F from 9:30 AM - 6:00 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Gilberto Barron can be reached on (571)272-3799. 

The Examiner may also be reached through email through Thomas. Ho6@uspto.Rov 

Any inquiry of a general nature or relating to the status of this application or proceeding should 
be directed to the receptionist whose telephone number is (571)272-2100. 

General Information/Receptionist Telephone: 571-272-2100 fax: 571-273-8300 
Customer Service Representative Telephone: 571-272-2100 Fax: 571-273-8300 



TMH 



March 18 th , 2007 



GILBERTO BARRON 3^ 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 




